[patch] [SCSI] aacraid: missing capable() check in compat ioctl

Dan Carpenter Tue, 29 Oct 2013 12:14:40 -0700

In d496f94d22d1 ('[SCSI] aacraid: fix security weakness') we added a
check on CAP_SYS_RAWIO to the ioctl.  The compat ioctls need the check
as well.


Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>

diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c
index 408a42e..f0d432c 100644
--- a/drivers/scsi/aacraid/linit.c
+++ b/drivers/scsi/aacraid/linit.c
@@ -771,6 +771,8 @@ static long aac_compat_do_ioctl(struct aac_dev *dev, 
unsigned cmd, unsigned long
 static int aac_compat_ioctl(struct scsi_device *sdev, int cmd, void __user 
*arg)
 {
        struct aac_dev *dev = (struct aac_dev *)sdev->host->hostdata;
+       if (!capable(CAP_SYS_RAWIO))
+               return -EPERM;
        return aac_compat_do_ioctl(dev, cmd, (unsigned long)arg);
 }
 
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[patch] [SCSI] aacraid: missing capable() check in compat ioctl

Reply via email to